Overview

overview

10

Static

static

10

v2.bin(1).zip

windows7-x64

3

v2.bin(1).zip

windows10-2004-x64

1

v2.exe

windows7-x64

10

v2.exe

windows10-2004-x64

10

Resubmissions

14-01-2025 05:35

250114-gaenbszqam 10

10-01-2025 23:50

250110-3vv2pswmhj 10

11-12-2024 15:19

241211-sqgcmssnbr 10

09-12-2024 01:54

241209-cbqprsxngx 10

26-11-2024 23:15

241126-28wpqa1ndp 10

30-09-2024 21:45

240930-1l2rsazhpg 10

15-09-2024 22:03

240915-1yl7vsvbpf 10

15-09-2024 20:03

240915-ystcwa1elr 10

20-08-2024 16:21

240820-ttt9cawalj 10

Analysis

  • max time kernel
    1560s
  • max time network
    1560s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    09-12-2024 01:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    v2.bin(1).zip

  • Size

    73KB

  • MD5

    620fd461cab821f478f7cce1bf06d1ac

  • SHA1

    a083516b5a275a2e9141f68a99ab4878632c5552

  • SHA256

    f442d0543f6df79be9fbaed90af2dedbcf2e4774561421763577b148a9ff8554

  • SHA512

    9ad7d4f17e156e21885c89b242430a06652ea8bdc45b22dc64f23efe8c2f6391ac5556c5e2bd14cf46d5bd8cb8dbb89f714466eef348dcb19ad16f3175dd3117

  • SSDEEP

    1536:yJrdZ1PgFel3BJmc11f0MPxwX5o2CfFGm8SXZRObA:yJJZ1cKxJm+bZGCfFjpRObA

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\v2.bin(1).zip"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\7zO49AA7AB7\.reloc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1128
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO49AA7AB7\.reloc
        3⤵
          PID:2816

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\7zO49AA7AB7\.reloc
      Filesize

      2KB

      MD5

      37eca68cd795bb195a682fc3801d35aa

      SHA1

      b3d93cdff6b2040cf1b055a1db1755e44ea7622e

      SHA256

      3b67482ffde6defd3650261ad65d1a70d63226614d783bcec445db47ef4dd200

      SHA512

      70369edf9d747347691fc0a446e7ebe0aeba26851c1542c80b4c8cf78474b204c7f9ee6c7e78f6b2562624debe9d98e1d3cee9ad573deeb91a097429c2012bb2

      Download Submit